Cyber Crime Conference serves up reminder of what lurks out there

Published 7:00 pm, Thursday, February 5, 2009

I just got back from the 2009 Cyber Crime Conference. The conference is sponsored by the U.S. Department of Defense and is geared toward law enforcement types.

Spent one afternoon listening to a pair of well-known hackers who reminded me just how much of an advantage some of these guys have over the ordinary folks who inhabit the Internet.

The first was Jeff Moss (known as Dark Tangent), the founder of DEF CON, one of the oldest computer hacker conferences. The second was Johnny Long with Hackers for Charity, a group that supports the education of kids in East Africa.

Moss spent a lot of time going over the history of hacking -- and to be clear, Moss and others argue that the term has been misused by the media as a generic reference for computer criminals. He says hackers, historically, have been about the quest for hidden knowledge, with a look-but-don't-touch approach to that knowledge.

By the end of his hour-long presentation, I have to say I was pretty well convinced that there's not much you can hide from people with so much desire to simply prove they can do what someone else says they can't.

That attitude was neatly summed up near the end of his talk when he mentioned plans to include -- at his next DEF CON event -- a contest to see if anyone can figure out a way to open a "tamper proof" lock without it showing any signs of having been tampered with: "When the manufacturer says something is tamper proof, doesn't that sound like a challenge?"

Still, Long's talk on "No Tech Hacking" (also the title of his book) may have been a bit more jarring. He described a wide range of simple methods for gathering information about people and their employers. Most involved nothing more than a small camera used to capture images of laptop screens, documents, ID badges and other items. Many of his sample photos were taken at airport gates.

He demonstrated how careless companies are about disposal of sensitive materials in their dumpsters. He showed how easy it can be to get into a secure building with nothing more than a counterfeit ID badge. And he played a few video clips showing how easy it is to defeat a common lock with a roll of toilet paper and another with an electric flosser.

Now Playing:

What do I learn from this? They can come at you from high (tech) and low (tech). But at least in the case of the low-tech approach, you can mount a fairly strong defense by simply paying attention to what's happening around you and not leaving sensitive info out for the world to see.